07:35 delphij 

Document multiple NTP vulnerabilities.

 

20:22 riggs 

Document CVE-2018-6056 in chromium 64.0.3282.167

Reported by:	Tommi Pernila <tommi.pernila@iki.fi> (via e-mail)

 

20:15 riggs 

Document multiple vulnerabilities in chromium 64.0.3282.119

Reported by:	Tommi Pernila <tommi.pernila@iki.fi> (via e-mail)

 

20:03 riggs 

Document CVE-2018-1304 and CVE-2018-1305 in Apache Tomcat

Submitted by:	Roger Marquis <marquis@roble.com> via e-mail

 

15:22 girgen 

Document security problems with shibboleth-sp

Security:	CVE-2018-0489

 

19:39 joneum 

Document multiple vulnerabilities in www/drupal7 and www/drupal8

Security:	CVE-2017-6927
Security:	CVE-2017-6928
Security:	CVE-2017-6929
Security:	CVE-2017-6930
Security:	CVE-2017-6931
Security:	CVE-2017-6932

 

10:44 tota 

- Fix range for ja-mailman in CVE-2018-5950

 

09:14 riggs 

Document ssh injection vulnerability in devel/cvs

PR:		226088
Reported by:	fk@fabiankeil.de
Security:	CVE-2017-12836

 

22:00 dbaio 

security/vuxml: Document vulnerability in editors/libreoffice

Security:	CVE-2018-6871

PR:		225797
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

 

13:25 dbaio 

security/vuxml: Document vulnerabilities in www/squid

Security:	CVE-2018-1000024
Security:	CVE-2018-1000027

PR:		226138
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>

 

19:42 dbaio 

security/vuxml: Fix freebsdpr entry (r462310)

 

10:16 madpilot 

Document new asterisk and pjsip vulnerabilities.

 

07:15 matthew 

Document the latest phpMyAdmin security advisory PMASA-2018-1

 

09:12 tz 

Document GitLab Vulnerability

Security:
https://vuxml.FreeBSD.org/freebsd/86291013-16e6-11e8-ae9f-d43d7e971a1b.html

 

12:24 dbaio 

security/vuxml: Document multiple vulnerabilities in irc/irssi

Security:	CVE-2018-7054
Security:	CVE-2018-7053
Security:	CVE-2018-7052
Security:	CVE-2018-7051
Security:	CVE-2018-7050

PR:		226001
Reported by:	tj@mrsk.me (email)
Reported by:	David O'Rourke <dor.bsd@xm0.uk>

 

19:09 adamw 

Add Mojolicious vulnerability, for which there is very little
information about the actual issue.

 

09:42 ohauer 

- document bugzilla44 and bugzilla50 CVE issue

 

16:56 leres 

Mark bro < 2.5.3 as vulnerable as per:

    http://blog.bro.org/2018/02/bro-253-released-security-update.html

Reviewed by:	matthew (mentor)
Approved by:	matthew (mentor)
Differential Revision:	https://reviews.freebsd.org/D14395

 

15:43 sunpoet 

Fix typo

 

03:38 swills 

Document consul issue

 

01:02 leres 

Mark bro < 2.5.2 as vulnerable as per:

    http://blog.bro.org/2017/10/bro-252-242-release-security-update.html

Reviewed by:	ler (mentor)
Approved by:	ler (mentor)
Security:	CVE-2017-1000458
Differential Revision:	https://reviews.freebsd.org/D14394

 

22:20 pi 

security/vuxml: 4 CVEs for net/quagga

 

17:42 jhale 

Document vulnerabilities in graphics/libraw

 

21:02 yuri 

VulnXML: Bitmessage vulnerability

No CVE is available. CVE is requested.
The bitmessage port will be updated shortly.

Approved by:	tcberner

 

17:42 swills 

Document Jenkins vulnerability

 

23:40 yuri 

VulnXML records for vulnerabilities of sysutils/bchunk fixed in the upcoming
update to 1.2.2 (bug#225772)

Approved by:	tcberner (mentor, implicit)

 

09:23 vsevolod 

- Document www/uwsgi vulnerability

 

09:16 vsevolod 

- Fix URL in blockquote

Reported by:	remko via private email

 

22:03 cpm 

Correct affected version of Mpv

 

16:52 sunpoet 

Document python vulnerability

 

11:00 ehaupt 

Document vulnerability in finance/electrum and finance/electrum2.

PR:		225056
Submitted by:	pete@nomadlogic.org, vermaden@interia.pl (via mail)
Security:	CVE-2018-6353

 

21:45 dbaio 

security/vuxml: Document vulnerability in net-p2p/libtorrent

PR:		224664
Reported by:	Henry David Bartholomew <PopularMoment@protonmail.com>

 

19:29 vsevolod 

- Document CVE-2018-6789 in mail/exim

Security:	316b3c3e-0e98-11e8-8d41-97657151f8c2

 

10:57 rakuco 

Add entries for CVE-2017-17969 and CVE-2018-5996 in p7zip

Security:	CVE-2017-17969
Security:	CVE-2018-5996

 

20:03 cpm 

Document vulnerability in Mpv

PR:		225783
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Obtained from:	https://nvd.nist.gov/vuln/detail/CVE-2018-6360
Security:	CVE-2018-6360

 

22:38 mandree 

Extend mailman CVE-2018-5950 vuln entry to mailman-with-htdig

Security:	3d0eeef8-0cf9-11e8-99b0-d017c2987f9a
Security:	CVE-2018-5950

 

22:23 mandree 

Document Mailman vulnerability

PR:		225767
Submitted by:	Vladimir Krstulja
Reviewed by:	Matthias Andree
Security:	CVE-2018-5950
Security:	3d0eeef8-0cf9-11e8-99b0-d017c2987f9a

 

17:32 girgen 

Add security notice for PostgreSQL

Security:	CVE-2018-1052
Security:	CVE-2018-1053

 

17:02 pi 

security/vuxml: Document recent tiff CVEs

PR:		225545
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>

 

21:39 jkim 

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb18-03.html

 

01:38 leres 

Mark mini_httpd < 1.28 and thttpd < 2.28 as vulnerable as per:

    http://acme.com/updates/archive/199.html

While we're here, fix whitespace in vuln.xml that "make validate"
flagged.

Reviewed by:	ler (mentor)
Approved by:	ler (mentor)
Security:	CVE-2017-17663
Differential Revision:	D14217

 

05:07 yuri 

Adding VuXML record for vulnerability CVE-2017-15924 in net/shadowsocks-libev.

D14200 (part I).

The next commit will update net/shadowsocks-libev and fix this
vulnerability.

PR:		225442
Submitted by:	myself
Approved by:	adamw (mentor)
Differential Revision:	https://reviews.freebsd.org/D14200

 

18:10 nobutaka 

Add modification date for the entry of w3m vulnerabilities.

Spotted by:	 dbaio

 

13:35 nobutaka 

Update entry of w3m vulnerabilities.

PR:		225611
Submitted by:	D. Ebdrup <debdrup@gmail.com>

 

10:27 tobik 

Document www/palemoon vulnerabilities

PR:		225644
Security:	CVE-2018-5102
Security:	CVE-2018-5122

 

19:55 sunpoet 

Document django vulnerability

 

18:20 brd 

Document vulns in www/w3m.

PR:		225611
Submitted by:	D. Ebdrup <debdrup@gmail.com>

 

13:26 zeising 

Update range for dovecot vulnerability.

 

21:38 jbeich 

security/vuxml: mark waterfox < 56.0.3.65 as vulnerable

 

17:20 zeising 

Add modified date, forgotten in r460325

 

00:53 jbeich 

security/vuxml: mark firefox < 58.0.1 as vulnerable

 

00:53 jbeich 

security/vuxml: bump min waterfox version with FF58 fixes

 

21:17 tijl 

Update range for linux-*-nss.

PR:		225541
Submitted by:	dbn
Security:	https://access.redhat.com/errata/RHSA-2017:2832

 

19:17 zeising 

FIx range for dovecot

2.2.33.2_2 is vulnerable.

 

09:10 kwm 

Document gcab stack overflow.

Security:	CVE-2018-5345

 

14:37 swills 

Document dovecot issue

Submitted by:	Roger Marquis <marquis@roble.com>

 

14:28 swills 

Document curl issue

Submitted by:	Roger Marquis <marquis@roble.com>

 

13:23 cmt 

document recent clamav vulnerabilities

See: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

 

09:00 amdmi3 

Fix wordpress entries in vuxml

- Fix incorrect package names
- Fix epoch in older entry which makes it incorrectly report fresh ports as
vulnerable

With hat:	ports-secteam

 

23:07 jbeich 

security/vuxml: seamonkey 2.49.2 will use firefox-esr 52.6 engine

 

18:43 jbeich 

security/vuxml: mark firefox < 58 as vulnerable

 

11:33 krion 

Fix typo.

 

11:23 krion 

Document new vulnerability in dns/powerdns-recursor < 4.1.1

Obtained
from:	https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html
Security:	CVE-2018-1000003

 

02:05 cpm 

Document new vulnerabilities in www/chromium < 63.0.3239.108

Obtained
from:	https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html
Security:	CVE-2017-15429

 

01:53 cpm 

Document new vulnerabilities in www/chromium < 63.0.3239.84

Obtained
from:	https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html

 

00:39 cpm 

Document new vulnerability in www/chromium < 62.0.3202.94

Obtained
from:	https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html
Security:	CVE-2017-15428

 

23:47 cpm 

Add missing entry for www/chromium

Security:	CVE-2017-15406

 

16:43 girgen 

Add more information about the recents security notice for shibboleth2-sp

 

15:12 dbaio 

security/vuxml: Document vulnerability in dns/unbound

Security:	CVE-2017-15105

PR:		225313
Reported by:	jaap@NLnetLabs.nl

 

13:01 joneum 

Document phpbb3 issues

Approved by:	tz (mentor)
Differential Revision:	https://reviews.freebsd.org/D13983

 

12:45 brnrd 

security/vuxml: Fix tabs and spaces settings

 

12:44 brnrd 

security/vuxml: Document 2018Q1 Oracle MySQL vulns

 

06:15 joneum 

Document wordpress issues

Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D13954

 

20:50 swills 

Document GitLab issue

 

02:19 woodsb02 

Document DNS rebinding vulnerabilities in net-p2p/transmission-daemon

PR:		225150
Security:	https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html

 

17:23 girgen 

Document vulnerability of devel/xmltooling

security/shibboleth2-sp depends on the xmltooling port

Security:	CVE-2018-0486

 

21:18 adamw 

Add vim-console instead of replacing vim-list.

Reported by:	ohauer

 

20:36 adamw 

Chase the vim-lite -> vim-console rename

 

21:25 jkim 

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb18-01.html

 

23:03 dbaio 

security/vuxml: Document vulnerability in www/awstats

Security:	CVE-2017-1000501

PR:		225007
Reported by:	Vidar Karlsen <vidar@karlsen.tech>

 

20:43 dbaio 

security/vuxml: Document multiple vulnerabilities in irc/irssi

Security:	CVE-2018-5205
Security:	CVE-2018-5206
Security:	CVE-2018-5207
Security:	CVE-2018-5208

PR:		224954
Reported by:	tj@mrsk.me (email)
Reported by:	David O'Rourke <dor.bsd@xm0.uk>

 

17:17 jbeich 

security/vuxml: mark firefox < 57.0.4 as vulnerable

 

00:40 ultima 

* Add modified date to for libevhtp vulnerable
Thank you dbaio for catching this.

 

19:08 ultima 

* Add libevhtp to list of vulnerable ports.

Libevhtp prior to 1.2.14 uses oniguruma 5.9.2 and is
vulnerable if using the REGEX option, which is the
default.

 

14:48 dbaio 

security/vuxml: Fix FreeBSD PR bugs references

 

16:41 dbaio 

security/vuxml: Document vulnerabilities in www/otrs

Security:	CVE-2017-16664
Security:	CVE-2017-16854
Security:	CVE-2017-16921

PR:		224729
Reported by:	Vidar Karlsen <vidar@karlsen.tech>

 

09:28 eugen 

Fix cut-n-paste error in the previous addition for bouncycastle15
(6a131fbf-ec76-11e7-aa65-001b216d295b).

 

09:23 eugen 

Document security defect in the Bouncy Castle Crypto APIs: CVE-2017-13098
("ROBOT")

Obtained from:  https://www.bouncycastle.org/releasenotes.html
Security:      
https://vuxml.FreeBSD.org/freebsd/6a131fbf-ec76-11e7-aa65-001b216d295b

 

11:31 jbeich 

security/vuxml: mark thunderbird < 52.5.2 as vulnerable

 

17:03 matthew 

Document phpMyAdmin PMSA-2017-9: Critical XSRF/CSRF vulnerability.

 

10:24 brnrd 

security/vuxml: Fix typo in CVE number of latest Oracle CPU entry

 

09:55 madpilot 

Document new asterisk vulnerability.

 

09:16 brnrd 

security/vuxml: Document new MariaDB vuln

 - This is likely to also affect MySQL and other versions
   see https://security-tracker.debian.org/tracker/CVE-2017-15365

 

14:10 ehaupt 

Document multiple vulnerabilities in rsync.

PR:		224478
Submitted by:	yasu@utahime.org

 

02:15 swills 

Document ruby issue

 

21:48 asomers 

Add vuxml entry for CVE-2017-16355 to rubygem-passenger

The vulnerable version was already replaced by r452356

Reviewed by:	brd
Approved by:	brd (ports)
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D13482

 

18:50 zeising 

Document multiple vulnerabilities in libXfont and libXfont2.

The first two vulnerabilities are memory leaks when reading past valid
memory.

The last vulnerability is the possibility for an unprivileged X client to
read privileged files through symlinks

CVE-2017-13720
CVE-2017-13722
CVE-2017-16611

 

15:27 zeising 

Add CVE to references.

 

15:23 zeising 

Document x11/libXcursor -- integer overflow that can lead to heap buffer
overflow.

CVE-2017-16612

 

20:54 sunpoet 

Document global vulnerability